this tool was build for solve limitations of pwndb:
- 2000 result max
- 45 sec of max_execution_time
- Only "like results" (for pwndb.py)
- Reverse password search
- Check if pwndb server is up
- ...
You can use the script itself or the docker version:
for the script you will need:
- tor (running)
- curl
- bash
- pup (yay -S pup)
then install with:
git clone git@github.com:mmpx12/pwndb.git
cd pwndb
sudo cp pwndb.sh /usr/bin/pwndb
sudo chmod +x /usr/bin/pwndb
For termux run:
apt update && apt install -y tor pup curl
curl -sk "https://raw.githubusercontent.com/mmpx12/pwndb/master/pwndb.sh" > /data/data/com.termux/files/usr/bin/pwndb
chmod +x /data/data/com.termux/files/usr/bin/pwndb
If tor is not running it will start it automaticly and kill it when finish
Run with docker (you should pass --net=host if tor is listening on 127.0.0.1 (by default))
You can build the image with:
docker build . -t pwndb
or
docker pull mmpx12/pwndb
docker run --rm --net host -v `pwd`:/app pwndb -p fuckthepolice
docker run --rm --net host -v `pwd`:/app pwndb -U user.lst -D domains.lst -j 10 -o result.txt
docker run --rm -v `pwd`:/app pwndb -U user.lst -D domains.lst -j 10 -o result.txt -x 192.168.75.123:9050
if tor is listening on 0.0.0.0, 172.17.0.1 or whatever, you can do:
docker run --rm -v `pwd`:/app pwndb --proxy 192.168.75.222:9050 -p fuckthepopo -o pass.lst
-u|--user [USER] user to check
-U|--user-list [FILE] file containing users (1 per line)
-e|--exact check exact user
-d|--domain [DOMAIN] domain
-D|--domain-list [FILE] file containing domains (1 per line)
-b|--brute-force [NUMBER] brute force 1 will be A to Z ,
2 will be AA to ZZ
-p|--password [PASSWORD] reverse password search
-P|--password-list [FILE] file containing passwords
-j|--jobs [number] number of background jobs (max 10, 5 by default)
-o|--output [file] output file
-x|--proxy [IP:PORT] proxy and port of TOR
-s|--server-status check if pwndb server is up and exit
whildecard character is %
Since pwndb is regulary down you can check it with:
pwndb -s
It will exit in both case (up or down)
you can use:
- "-u|--user" with the user you want to test
- "-U|--user-list" a file containing all the user you want to test
- "-e|--exact" check for this users exactly
for resultat like "gmail.com" (limit to 2000 results),
or query that will take more than 45 seconde (exemple -d "%.gouv.fr
)you can use -b 5
, it will brute force from "aaaaa" to "zzzzz" .. it will be slow but works (specialy for query like "%.domain" (1 day and 20h for "%.gouv.fr"))
you can use:
- "-d|--domain" with the domain you want to test
- "-D|--domain-list" a file containing all the user you want to test
you search emails that have specific password with
- "-p|--password" with the password you want to check
- "-P|--password-list" a file containing all the password you want to check
this will act like false "thread" (background jobs, not real thread).
You can use -j|--jobs
for set the number of jobs.
You cant set more than 10 background jobs (with more )
pwndb -u crime -e -d gmail.com -o result.txt
pwndb -u fuck
pwndb -U user.lst -D domain.lst -x 127.0.0.1:9999
pwndb -b 2 -d gmail.com -o result.txt
pwndb -b 4 -j 10 -d "%.gouv.fr"
pwndb -p fuckthepolice -j 10 -x 192.168.75.222:9050